AMENDMENTS TO THE CLAIMS

1. (Original) A node of a network maintaining an instance of an intrusion
prevention system, the node comprising: 

a memory module for storing data in machine-readable format for retrieval and 
execution by a central processing unit; and

an operating system comprising a network stack comprising a protocol driver, a 
media access control driver and an instance of the intrusion prevention system implemented 
as an intermediate driver and bound to the protocol driver and the media access control 
driver, the intrusion prevention system comprising an associative process engine and an 
input/output control layer, the input/output control layer operable to receive at least one of a 
plurality of machine-readable network-exploit signatures from a database and provide the at 
least one machine-readable network-exploit signatures to the associative process engine, the 
associative process engine operable to compare a packet with the at least one machine- 
readable network-exploit signature and determine a correspondence between the packet and 
the at least one machine-readable network-exploit signature. 

2. (Original) The node according to claim 1, wherein the database is maintained 
in a storage device of the node. 

3. (Original) The node according to claim 1, wherein each of the plurality of 
machine-readable network-exploit signatures comprise a respective directive that defines 
instructions to be executed upon determination of a correspondence between the packet and 
the respective exploit signature. 

4. (Original) The node according to claim 1, wherein, upon determination of a 
correspondence between the packet and two or more of the plurality of machine-readable 
network-exploit signatures, each of the directives of the two or more machine-readable 
network-exploit signatures are executed by the intrusion prevention system. 

5. (Original) The node according to claim 1, wherein, upon determination of a 
correspondence between the packet and two or more of the plurality of machine-readable 
network-exploit signatures, an alternative directive is executed, the alternative directive 
dependent upon the combination of the two or more network-exploits signatures having a 
correspondence with the packet. 

6. (Original) A method of analyzing a packet at a node of a network by an
intrusion prevention system executed by the node, comprising: 

reading the packet by the intrusion prevention system; 
comparing the packet with a plurality of machine-readable network-exploit 
signatures; and 

determining a correspondence between the packet and at least two of the plurality of 
machine-readable network-exploit signatures. 

7. (Original) The method according to claim 6, further comprising generating a 
record of the at least two of the plurality of machine-readable network-exploit signatures 
with which a correspondence with the packet is made. 

8. (Original) The method according to claim 7, further comprising transmitting 
the record to a management node connected to the network. 

9. (Original) The method according to claim 7, further comprising logging the 
record in a database. 

10. (Original) The method according to claim 6, further comprising executing, by 
the intrusion protection system, a respective directive of each of the at least two machine- 
readable signatures determined to correspond with the packet. 

11. (Original) The method according to claim 6, further comprising executing, by
the intrusion protection system, at least one directive of at least one of the machine-readable 
network-exploit signatures of the record determined to have a correspondence with the 
packet. 

12. (Original) The method according to claim 6, further comprising executing, by 
the intrusion protection system, an alternative directive dependent on the record of machine- 
readable signatures determined to have a correspondence with the packet. 

13. (Previously Presented) A computer-readable medium having stored thereon a
set of instructions to be executed, the set of instructions, when executed by a processor, cause 
the processor to perform a computer method of: 

comparing a packet with a plurality of machine-readable network-exploit signatures; 
determining a correspondence between the packet and at least two of the plurality of 
machine-readable network-exploit signatures; and 

generating a record of the at least two signatures with which the correspondence is
made.

14. (Original) The computer readable medium according to claim 13, further 
comprising a set of instructions that cause, when executed by the processor, the processor to 
perform a computer method of: 

determining a correspondence between the packet and a subset of the plurality of 
machine-readable network-exploit signatures, each machine-readable network-exploit
signature comprising a directive; and 

executing, by the processor, each directive of the record of machine-readable 
signatures. 

15. (Previously Presented) The computer readable medium according to claim 
13, further comprising a set of instructions that cause, when executed by the processor, the 
processor to perform a computer method of executing a directive dependent on the 
corresponding machine-readable network-exploit signatures. 

16. (New) The computer readable medium according to claim 13 wherein said set 
of instructions for performing said comparing is implemented as an intermediate driver 
within a network stack of an operating system. 

17. (New) The computer readable medium according to claim 16 wherein said 
intermediate driver is bound to a protocol driver and a media access control driver included
in said network stack. 

18. (New) The computer readable medium according to claim 16 wherein the
intermediate driver further comprises: 

an associative process engine and an input/output control layer; 

wherein the input/output control layer comprises instructions operable to receive the 
at least two of the plurality of machine-readable network-exploit signatures from a database 
and provide the at least two machine-readable network-exploit signatures to the associative 
process engine; and 

wherein the associative process engine performs the comparing and determining. 

19. (New) The computer readable medium according to claim 16 wherein said set 
of instructions for performing said determining is implemented as said intermediate driver 
within said network stack of said operating system. 

20. (New) The computer readable medium according to claim 13 wherein said set 
of instructions for performing said determining is implemented as an intermediate driver 
within a network stack of an operating system. 